poorbarcode
Contributor

@poorbarcode poorbarcode commented Oct 16, 2025

Motivation

Before PIP-321 Introduce allowed-cluster at the namespace level, Pulsar did not support enabling topic level Geo Replication without enabling namespace level Geo Replication, because the policy namespace.replication_clusters has two meanings:

  1. Which cluster is allowed to access the namespace?
  2. Which clusters have Geo Replication enabled?

PIP-321 Introduce allowed-cluster at the namespace level defined a new policy namespace.allowed_clusters, which splits the two definitions.

  • if allowed_clusters is not empty
    • allowed_clusters can be used to define which cluster is allowed to access the namespace, if it is set.
  • otherwise: the replication_clusters defines both statuses.

3 Issues

PIP-321 did not complete all the code adaptations, such as the following:

    1. Expected behaviour: when a cluster permission was removed from a namespace, Pulsar will unload the namespace to prevent the topics under the namespace from being loaded up again.
    • Issue: when the cluster is still defined as allowed by namespace.allowed_clusters, the namespace is also unloaded. More importantly, in this case, all brokers will trigger an unloading, which will cause this namespace to remain unavailable for a long time. Every time any policy of the namespace is updated, unload will be triggered again for a round, which will cause the problem to become so serious as to be uncontrollable. The test testUpdateNamespacePolicies is used to reproduce the issue.
    2. Expected behaviour: a namespace can only be removed if only one cluster has permission to access it.
    • Issue: the namespace can be deleted even if allowed_cluster is defined so that 2 clusters are allowed to access it. The test testDeleteNamespaceIfTwoClustersAllowed is used to reproduce the issue.
    3. Expected behaviour: the broker will unload the namespace if the isolation policy is changed, to make the new policy apply.
    • Issue: the namespace will not be unloaded if the allowed permission is defined by namespace.allowed_cluster. The test testUpdateNamespaceIsolationPolicy is used to reproduce the issue.

Modifications

  • Fix the 3 issues
  • Rather than checking replication_clusters and allowed_clusters everywhere, use a common method to deal with them, including the following checks
    • Whether a cluster is allowed to access a namespace.
    • New policy checking.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository: x

@poorbarcode poorbarcode added this to the 4.2.0 milestone Oct 16, 2025
@poorbarcode poorbarcode self-assigned this Oct 16, 2025
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Oct 16, 2025
@poorbarcode poorbarcode changed the title [fix] [broker] [fix] [broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namesapce policies updating Oct 16, 2025
@lhotari lhotari changed the title [fix] [broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namesapce policies updating [fix][broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namesapce policies updating Oct 16, 2025
@lhotari lhotari changed the title [fix][broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namesapce policies updating [fix][broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namespace policies updating Oct 17, 2025
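
The precedence rule and the first two issues from the description above, as an added Java sketch (not code from this pull request or from Pulsar). The class and method names are hypothetical, the cluster names are constructed, and the unload rule is an assumption drawn from the expected behaviour stated for issue 1.

```java
import java.util.Set;

// Added illustration; not Pulsar code. Class and method names are hypothetical.
public class NamespaceClusterAccess {

    // allowed_clusters wins when it is non-empty; otherwise replication_clusters
    // carries both meanings (access permission and Geo Replication).
    static Set<String> effectiveAllowed(Set<String> allowed, Set<String> replication) {
        return (allowed != null && !allowed.isEmpty()) ? allowed : replication;
    }

    static boolean isClusterAllowed(String cluster, Set<String> allowed, Set<String> replication) {
        return effectiveAllowed(allowed, replication).contains(cluster);
    }

    // Issue 1 (assumed rule): unload only when the local cluster has no access
    // under the updated policies, not merely because it left replication_clusters.
    static boolean shouldUnload(String local, Set<String> allowed, Set<String> replication) {
        return !isClusterAllowed(local, allowed, replication);
    }

    // Issue 2: deletion requires that exactly one cluster has access.
    static boolean canDelete(Set<String> allowed, Set<String> replication) {
        return effectiveAllowed(allowed, replication).size() == 1;
    }

    public static void main(String[] args) {
        // Constructed policies: c1 and c2 may access, only c1 replicates.
        Set<String> allowed = Set.of("c1", "c2");
        Set<String> replication = Set.of("c1");

        System.out.println("c2 unload: " + shouldUnload("c2", allowed, replication));
        System.out.println("delete:    " + canDelete(allowed, replication));

        // allowed_clusters unset: replication_clusters alone decides.
        Set<String> none = Set.of();
        System.out.println("c2 unload: " + shouldUnload("c2", none, replication));
        System.out.println("delete:    " + canDelete(none, replication));
    }
}
```

Routing every caller through one resolver like `effectiveAllowed` is what keeps a broker from treating a cluster that is absent from replication_clusters as unauthorized while allowed_clusters still lists it.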